Communication Security

In the program I am developing (Linux), I need a very simple text IPC. To do this, it would be very simple to use a standard input/output channel. Can I trust that messages sent to the process's stdin cannot be read by anyone? In addition, can I trust that if I kept the phone on my tier, only I could read what it outputs? I just want to make sure there are no procfs-based tricks that can read from them.

+4
4 answers

In my own limited testing (by running uniq | sort, then trying to track at both ends of the channel via /proc/XXX/fd), it seems like I cannot read what is sent to this channel, but I can insert data into it.

In other words, do your own testing to see what you can and cannot do. :-)

0

As far as I know, there are no "tricks", and other users cannot read your stdin/stdout. Just remember that:

  • Other processes running as the same user can read the memory of your process; this is because security protects you from other users.
  • A process running as a superuser can do everything.

However, if you're processing sensitive data, check out mlock.

+1
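An added example, not part of the answer above: it holds a secret read from stdin in an mlock'd buffer, as the answer suggests, and also marks the process non-dumpable so that other processes of the same user can no longer attach to it or open its /proc/<pid>/mem and /proc/<pid>/fd entries. The PR_SET_DUMPABLE step and all function names are choices made for this example; root can still read everything, as the answer says.

```c
#define _GNU_SOURCE
#include <string.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <unistd.h>

/* Non-dumpable: no core dumps, /proc/<pid>/mem and fd/ become root-owned,
 * and same-user processes can no longer ptrace-attach. Root is unaffected. */
int harden_process(void) { return prctl(PR_SET_DUMPABLE, 0, 0, 0, 0); }

/* Zeroed buffer locked into RAM (never swapped). Fails closed on mlock error. */
char *secret_alloc(size_t len)
{
    char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    if (mlock(p, len) != 0) { munmap(p, len); return NULL; }
    return p;
}

/* Wipe (explicit_bzero is not optimised away), then unlock and release. */
void secret_free(char *p, size_t len)
{
    explicit_bzero(p, len);
    munlock(p, len);
    munmap(p, len);
}

/* Read one line with read(2) directly into buf, so no copy lingers in a
 * stdio buffer. Returns the length without the newline, or -1 on error. */
ssize_t read_secret(int fd, char *buf, size_t cap)
{
    size_t n = 0;
    while (n + 1 < cap) {
        ssize_t r = read(fd, buf + n, 1);
        if (r < 0) return -1;
        if (r == 0 || buf[n] == '\n') break;
        n++;
    }
    buf[n] = '\0';
    return (ssize_t)n;
}

int main(void)
{
    char *s = secret_alloc(4096);
    if (!s || harden_process() != 0) return 1;
    ssize_t n = read_secret(STDIN_FILENO, s, 4096);  /* ... use the secret ... */
    secret_free(s, 4096);
    return n < 0;
}
```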

There are no tricks. The only thing I can think of regarding detecting whether stdout is redirected to another place is to do it with a simple C function such as isredirected, as shown here, except that the burden is on you to make sure the messages saved ... Another thing: using procfs cheating requires root privileges to access some procfs functions ... so make sure you check there to make sure it does not work as root ...

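    #include <stdio.h>   /* fileno, stdin */
    #include <unistd.h>  /* isatty */

    /* Returns 1 if stdin is not attached to a terminal, 0 if it is. */
    int isredirected(void)
    {
        if (!isatty(fileno(stdin)))
            return 1;
        return 0;
    }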

Hope this helps, Regards, Tom.

+1

Honestly, I think it depends on how much you consider necessary for your application. I entered the GPG key password on stdin. I always ask the question "what is the acceptable risk?"

However, nothing will protect your application from rootkits in kernel space. They can read not only std I/O terminals, but also all your process memory when it starts. And they can probably override a few defenses that you have.

You can take a look at using the SELinux sandbox in combination with what you are doing - read more about it at http://danwalsh.livejournal.com/ if you really need this level of protection. libselinux allows you to interact with it to verify security, etc.

+1

Source: https://habr.com/ru/post/1301724/

